Commit b1ec488b authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: nf_conntrack_sip: fix some off-by-ones

"limit" marks the first character outside the bounds.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 3d244121
...@@ -192,10 +192,10 @@ int ct_sip_lnlen(const char *line, const char *limit) ...@@ -192,10 +192,10 @@ int ct_sip_lnlen(const char *line, const char *limit)
{ {
const char *k = line; const char *k = line;
while ((line <= limit) && (*line == '\r' || *line == '\n')) while ((line < limit) && (*line == '\r' || *line == '\n'))
line++; line++;
while (line <= limit) { while (line < limit) {
if (*line == '\r' || *line == '\n') if (*line == '\r' || *line == '\n')
break; break;
line++; line++;
...@@ -211,7 +211,7 @@ const char *ct_sip_search(const char *needle, const char *haystack, ...@@ -211,7 +211,7 @@ const char *ct_sip_search(const char *needle, const char *haystack,
{ {
const char *limit = haystack + (haystack_len - needle_len); const char *limit = haystack + (haystack_len - needle_len);
while (haystack <= limit) { while (haystack < limit) {
if (case_sensitive) { if (case_sensitive) {
if (strncmp(haystack, needle, needle_len) == 0) if (strncmp(haystack, needle, needle_len) == 0)
return haystack; return haystack;
...@@ -229,7 +229,7 @@ static int digits_len(const struct nf_conn *ct, const char *dptr, ...@@ -229,7 +229,7 @@ static int digits_len(const struct nf_conn *ct, const char *dptr,
const char *limit, int *shift) const char *limit, int *shift)
{ {
int len = 0; int len = 0;
while (dptr <= limit && isdigit(*dptr)) { while (dptr < limit && isdigit(*dptr)) {
dptr++; dptr++;
len++; len++;
} }
...@@ -240,7 +240,7 @@ static int digits_len(const struct nf_conn *ct, const char *dptr, ...@@ -240,7 +240,7 @@ static int digits_len(const struct nf_conn *ct, const char *dptr,
static int skp_digits_len(const struct nf_conn *ct, const char *dptr, static int skp_digits_len(const struct nf_conn *ct, const char *dptr,
const char *limit, int *shift) const char *limit, int *shift)
{ {
for (; dptr <= limit && *dptr == ' '; dptr++) for (; dptr < limit && *dptr == ' '; dptr++)
(*shift)++; (*shift)++;
return digits_len(ct, dptr, limit, shift); return digits_len(ct, dptr, limit, shift);
...@@ -302,13 +302,13 @@ static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr, ...@@ -302,13 +302,13 @@ static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
/* Search for @, but stop at the end of the line. /* Search for @, but stop at the end of the line.
* We are inside a sip: URI, so we don't need to worry about * We are inside a sip: URI, so we don't need to worry about
* continuation lines. */ * continuation lines. */
while (dptr <= limit && while (dptr < limit &&
*dptr != '@' && *dptr != '\r' && *dptr != '\n') { *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
(*shift)++; (*shift)++;
dptr++; dptr++;
} }
if (dptr <= limit && *dptr == '@') { if (dptr < limit && *dptr == '@') {
dptr++; dptr++;
(*shift)++; (*shift)++;
} else { } else {
...@@ -332,7 +332,7 @@ int ct_sip_get_info(const struct nf_conn *ct, ...@@ -332,7 +332,7 @@ int ct_sip_get_info(const struct nf_conn *ct,
limit = dptr + (dlen - hnfo->lnlen); limit = dptr + (dlen - hnfo->lnlen);
while (dptr <= limit) { while (dptr < limit) {
if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) && if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) &&
(hnfo->sname == NULL || (hnfo->sname == NULL ||
strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) { strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment